On 1/26/2011 10:56 AM, Joe Dsuzea wrote:
I will be using these steps to generate the key and csr:
# openssl genrsa -out /etc/ssl/private/server.key 2048
(without des3 so I get no password prompt)
# openssl req -new -key server.key -out domain.server.csr
I will then cat the above server.key and the returned .crt from thawte (or
verisgn) then create a PEM file.
Then this directive will be added in pound.cfg;
Cert "/etc/pound/host.pem"
Do I need to worry about the CA file?
Previously we had a thawte cert where I did not need to deal with any CA file
for POUND. Just the server private key and the return CRT pem'd together
worked fine.
anyone have experience with Thawte/Verisgn and POUND?
I don't have direct experience with Thawte/Verisign certs, but the
principles ought to be universal. If they give you intermediate
certificates, append them onto your PEM file. Pound's configuration
doesn't change. I.e.:
$ cat server.key server.crt intermediate1.crt intermediate2.crt ... >
server.pem
That should be all that's required.
Regards,
--
Dave Steinberg
http://www.geekisp.com/
http://www.steinbergcomputing.com/
http://www.redterror.net/
--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.
